Create Scheduled task - run as logged on user

This topic contains 3 replies, has 4 voices, and was last updated by  Mark 7 months, 1 week ago.

  • Author
    Posts
  • #39034

    IanBurnell
    Participant

    I'm creating a Scheduled task from SCCM as follows
    $Action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "-NonInteractive -NoLogo -NoProfile -File '$env:windir\UserCustomisations.ps1'"
    $Trigger = New-ScheduledTaskTrigger -AtLogOn
    Register-ScheduledTask -Action $action -Trigger $trigger -TaskName 'CBC User Customisations' -Description 'Created by SCCM Build. Runs at logon under users own credential to run user specific customisations'

    This is fine BUT I want it to run under user context at logon time. I found an article about changing (manually) the run as to the "users" group and that appears to work, but what I can't do is to get that name into the Powershell cmd. I've tried saying -user 'Users' and 'Builtin\Users' but PS just throw up an error – I assume because its looking for a user rather than a group. Any thoughts ??

  • #39472

    Don Jones
    Keymaster

    As near as I can tell, the PowerShell cmdlets just weren't coded with this capability. You might just try using good ol' SchTasks.exe. It'll run fine in PowerShell.

  • #63000

    Jonathan Walz
    Participant

    Here's a quick example that will create a scheduled task that will run notepad in the context of the logged on user and then delete itself:

    $action = New-ScheduledTaskAction -Execute "notepad.exe"
    $trigger = New-ScheduledTaskTrigger -AtLogOn
    $principal = New-ScheduledTaskPrincipal -UserId (Get-CimInstance –ClassName Win32_ComputerSystem | Select-Object -expand UserName)
    $task = New-ScheduledTask -Action $action -Trigger $trigger -Principal $principal
    Register-ScheduledTask Notepad -InputObject $task
    Start-ScheduledTask -TaskName Notepad
    Start-Sleep -Seconds 5
    Unregister-ScheduledTask -TaskName notepad -Confirm:$false

  • #64084

    Mark
    Participant

    Here's the code that runs the necessary task on any user's log on. This is direct COM programming, so it works on Windows versions previous to 10 that are incompatible with New-ScheduledTaskAction etc commands as well.

    $ShedService = New-Object -comobject 'Schedule.Service'
    $ShedService.Connect('Computer_Name', 'User_Name', 'Domain_Name', 'Password')
    
    $Task = $ShedService.NewTask(0)
    $Task.RegistrationInfo.Description = 'Description goes here'
    $Task.Settings.Enabled = $true
    $Task.Settings.AllowDemandStart = $true
    
    $trigger = $task.triggers.Create(9)
    $trigger.Enabled = $true
    
    $action = $Task.Actions.Create(0)
    $action.Path = 'C:\Path\To\file.exe'
    $action.Arguments = '-arguments -if -any'
    
    $taskFolder = $ShedService.GetFolder("\")
    $taskFolder.RegisterTaskDefinition('Task_Name', $Task , 6, 'Users', $null, 4) 

    To schedule a task on localhost simplify the Connect() method:

    $ShedService.Connect()

    In this expression

    $trigger = $task.triggers.Create(8)

    9 – at user logon,
    Other triggers, like daily, monthly etc are listed here.

    $ShedService.GetFolder("\") – is Task Scheduler's root folder, you change that if your task needs to be in a custom one.

    $taskFolder.RegisterTaskDefinition("Task_Name", $Task , 6, 'Users', $null, 4)

    6 is a bitmask to create new or update an existing task. $null – we don't need password if we use group, generally this and the previous arguments correspond to /RU and /RP in schtasks.exe which is the 'run as user' context. And 4 stands for 'TASK_LOGON_GROUP', this is crucial for assigning task to a user group, you'll get exceptions otherwise. Other options are listed here.

You must be logged in to reply to this topic.